Exalyze

Analyze, search and match suspicious files to detect malware using state-of-the-art static and code analysis algorithms

Designed by malware analysts for malware analysts

Maximum upload size: 25MB • Max files per upload: 10 • Supported file types: PE and ELF executables

Key features

Our comprehensive analysis platform provides industry-leading capabilities for malware analysts, security professionals and CERT practitioners

Advanced Static Analysis

Deep inspection of file properties and executable structures

  • Machoc Hash comparison
  • Code structure analysis
  • Obfuscation detection

Code Analysis

Advanced code analysis to understand malware capabilities

  • Full binary disassembly
  • Automatic function identification
  • Malicious API usage detection

Threat Intelligence

Compare samples against our extensive database of known threats

  • Malware algorithmic identification
  • MITRE ATT&CK mapping
  • Similarity by code matching

Database stats

Powered by an ever-growing community, Exalyze is one of the most comprehensive advanced malware analysis and matching tools available on the market

  • 156.7K samples analyzed
  • 149.3M functions analyzed
  • 115.8M PE functions analyzed
  • 4.6M ELF functions analyzed

Use cases

Here are a few examples of known malware to highlight how Exalyze empowers malware analysts in their mission

Mélofée is a custom Linux malware used by Chinese state-sponsored APT groups. Using Exalyze, it is possible to match the first Mélofée sample we published with one found in 2024 by Qianxin.

This infamous backdoor family has been used since 2008 by a multitude of threat actors. This specific sample was used in military-targeted attacks against Afghanistan and Tajikistan (source)

Using Exalyze's search, you can quickly find several variants of the infamous Agent.BTZ / ComRAT malware, which is a remote control tool used in targeted, Russian-attributed attacks. This sample is a good starting point. (source)

This Dark Crystal RAT sample, attributed to Sandworm (Russian GRU), was used to target Ukrainian users. (source)

This SysJoker sample was used in Hamas-affiliated attacks to target Israel. (source)

Coloredlambert or Longhorn is an advanced suite of backdoors and tools attributed to the CIA for targeted spying activities. Lambert

Community

Join our community of malware analysts and interact with the team behind Exalyze

Join us on Discord

Plans

Collaboratively hunt malware using Exalyze groups, and use Exalyze to analyze sensitive or confidential samples